Page 309 - DCAP103_Principle of operating system
Principles of Operating Systems
Other Implications
The use of stored procedures has several other security implications as well. By using stored procedures, a user can be restricted to accessing only specific rows and columns of a database table, instead of being given direct access to the whole table. This enables effective and consistent management of user permissions across all the tables in the database. A Database Journal article on SQL stored procedures discusses these implications in more detail.
9.5.1.7 Additional Layer of Defense (Database Security Patches)
Database vendors release periodic security patches to fix software bugs in the database that were left open during the development of the particular version. These patches should be installed on the database servers as and when they become available. This reduces the chances of the database being exploited through known vulnerabilities. Each vendor has its own release schedule and distribution mechanism for security patches; Oracle, for example, uses its Security Technology Center to announce Security Alerts and Patches.
An article series published in Database Journal explains the importance of database patches and the procedures for installing them. One of the articles describes an SQL injection error in the Oracle database and the patch released to fix it. Similarly, several patches address specific errors that could lead to a compromise of the database through the different applications used to access it. Hence, it is essential to establish several layers of security around the database to keep it safe from attacks.
9.6 Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized
access while permitting authorized communications. It is a device or set of devices that is
configured to permit or deny network transmissions based upon a set of rules and other
criteria.
Firewalls can be implemented in either hardware or software, or a combination of both.
Firewalls are frequently used to prevent unauthorized Internet users from accessing private
networks connected to the Internet, especially intranets. All messages entering or leaving
the intranet pass through the firewall, which inspects each message and blocks those that
do not meet the specified security criteria.
There are several types of firewall techniques:
1. Packet Filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. Because it decides on the basis of the addresses carried in each packet, it is susceptible to IP spoofing.
2. Application Gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but it can degrade performance.
3. Circuit-level Gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
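The packet-filter technique described in item 1, as an added worked example that is not part of the textbook: a small stateless filter that evaluates each packet against an ordered list of user-defined rules (first match wins, default deny). It also illustrates the IP spoofing weakness the text mentions. A rule that trusts any packet carrying an intranet source address accepts a packet whose source address was forged, whereas a rule set that additionally checks the interface the packet arrived on rejects it. The network 10.0.0.0/8, the interface names "ext" and "int", and all packets are constructed for this example.

```python
"""Toy stateless packet filter (constructed example, not from the textbook)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" (Internet) or "int" (intranet); assumed names
    src: str     # source IPv4 address as written in the packet header
    dst: str     # destination IPv4 address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    """A user-defined rule; a field left as None matches any value."""
    action: str                  # "accept" or "drop"
    iface: Optional[str] = None
    src: Optional[str] = None    # CIDR network, e.g. "10.0.0.0/8"
    dst: Optional[str] = None    # CIDR network
    proto: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason) for a packet: the first matching rule decides;
    a packet that matches no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "drop", "default deny: no rule matched"


INTERNAL_NET = "10.0.0.0/8"  # constructed intranet range for the example

# Rule set 1: trusts the source address alone, so it can be fooled by a forged header.
NAIVE_RULES = [
    Rule("accept", src=INTERNAL_NET, comment="trust anything from the intranet"),
    Rule("accept", proto="tcp", dport=80, comment="public web server"),
]

# Rule set 2: an intranet source address is only believable on the intranet interface,
# so the same address arriving from the Internet is dropped before anything else.
HARDENED_RULES = [
    Rule("drop", iface="ext", src=INTERNAL_NET,
         comment="anti-spoofing: intranet address arriving on the Internet interface"),
    Rule("accept", iface="int", src=INTERNAL_NET, comment="intranet hosts may send outward"),
    Rule("accept", iface="ext", proto="tcp", dport=80, comment="public web server"),
]

# Constructed packets: a forged intranet address arriving from the Internet,
# a genuine intranet host, and two Internet clients (web and Telnet).
SPOOFED = Packet(iface="ext", src="10.0.0.5", dst="10.0.0.20", proto="tcp", dport=3306)
GENUINE_INTERNAL = Packet(iface="int", src="10.0.0.5", dst="203.0.113.9", proto="tcp", dport=443)
EXTERNAL_WEB = Packet(iface="ext", src="198.51.100.7", dst="10.0.0.20", proto="tcp", dport=80)
EXTERNAL_TELNET = Packet(iface="ext", src="198.51.100.7", dst="10.0.0.20", proto="tcp", dport=23)


def demo() -> None:
    for name, rules in (("naive", NAIVE_RULES), ("hardened", HARDENED_RULES)):
        for pkt in (SPOOFED, GENUINE_INTERNAL, EXTERNAL_WEB, EXTERNAL_TELNET):
            action, reason = evaluate(rules, pkt)
            print(f"{name:8} {pkt.iface}:{pkt.src}->{pkt.dst}:{pkt.dport} {action:6} ({reason})")


if __name__ == "__main__":
    demo()
```

Both rule sets let the genuine intranet host and the Internet web client through and drop the Telnet attempt by default deny; only the hardened set drops the forged packet, because the check on the arrival interface supplies information the spoofed header cannot fake. Real packet filters express the same idea as an ingress filter on the external interface.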
302 LOVELY PROFESSIONAL UNIVERSITY